Guardicore cybersecurity experts: The malware uses indiscriminate port scanning and exploitation of exposed SMB services with weak passwords and hashes.
Carbon Black cyber security experts: The malware exploits WRM and many independent threads for encryption. In addition, it can control how to scan data and target only SMBs.
Eleven were critical, but none of them has been exploited by cybercrime. SecurityAffairs: One was located in the Server Message Block (SMB) protocol and was dubbed SMBleed.
CVE-2020-0796 affected Server Message Block 3.1.1 (SMBv3). It could enable remote and arbitrary code execution, potentially taking control of the system. Moreover, it was wormable.
Microsoft confirmed. It has been dubbed “SMBGhost” and affects the Server Message Block (SMB) network communications protocol. It’s wormable and there are no mitigating factors.